General

  • Target

    2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118

  • Size

    2.9MB

  • Sample

    241009-eckk9awgpb

  • MD5

    2a41b8df5b88e7e57ad356486e45ae11

  • SHA1

    79c84e0684aefc93c039b7405dbcb3650bc1c0ce

  • SHA256

    a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91

  • SHA512

    2b96ea703dea11564816d3067872c7c5ac7c8d692d0b2931e446ab3d2716a48ea90dce65865abc76252bb4ba827b68061ef270b5f4443e7313a74b20d824989f

  • SSDEEP

    49152:lnqLvvJ9Fod/OpY1Jf+YvoVkXrYErnuKlAhUpd01RMEEWIjf5EfdNQmvLc1UGn:ZqjTyop1CrYsuKlAhUpCMEEFjf5YLzjC

Targets

    • Target

      2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118

    • Size

      2.9MB

    • MD5

      2a41b8df5b88e7e57ad356486e45ae11

    • SHA1

      79c84e0684aefc93c039b7405dbcb3650bc1c0ce

    • SHA256

      a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91

    • SHA512

      2b96ea703dea11564816d3067872c7c5ac7c8d692d0b2931e446ab3d2716a48ea90dce65865abc76252bb4ba827b68061ef270b5f4443e7313a74b20d824989f

    • SSDEEP

      49152:lnqLvvJ9Fod/OpY1Jf+YvoVkXrYErnuKlAhUpd01RMEEWIjf5EfdNQmvLc1UGn:ZqjTyop1CrYsuKlAhUpCMEEFjf5YLzjC

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b0c77267f13b2f87c084fd86ef51ccfc

    • SHA1

      f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

    • SHA256

      a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

    • SHA512

      f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

    • SSDEEP

      192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      eac1c3707970fe7c71b2d760c34763fa

    • SHA1

      f275e659ad7798994361f6ccb1481050aba30ff8

    • SHA256

      062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3

    • SHA512

      3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09

    • SSDEEP

      96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn

    • Score

      3/10

    • Target

      $R0

    • Size

      33KB

    • MD5

      ace9f19e19a07de0fe7e0f1e858a523c

    • SHA1

      898c63c2f9c32d1148f8618a6f9dee89984a8f9d

    • SHA256

      7e79de7c3ef68b615e86a732597a8022de71a14d81be4b4978db39a67cfc3d57

    • SHA512

      a2e32fe5c3652824572f8f1a9a7b145e1c17cb6fbffa52903cffa548f450df89d996b933f95726bb514dfaa16c7d9b2ffa1caedf6ccbf6f1a577b48b0b052ebb

    • SSDEEP

      384:DpbEzt/FPOksY2vb/qDl2uzCnpkDBnAeZv7/HkrWZ75fSvO3PHl/QgIZM46aeHb:DpAztlObS8rnpkCwz/AmAO3PxzC59eH

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15